Re: First draft of Browser Payments 1.0 spec published

On May 12, 2013, at 9:40 PM, Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 05/09/2013 06:05 PM, Kumar McMillan wrote:
>> There's a feature of Persona that is not documented yet (it's still 
>> experimental) where you can "force" identity assertion to be done by 
>> a single party. This is designed for banks where the bank will want 
>> to know that its three factor auth + image challenge, etc, has been 
>> applied. There are definitely scenarios like this where a 
>> decentralized approach to identity is not secure enough and the 
>> Persona protocol will try to support that.
> 
> Do you have a link explaining this feature in a bit more detail, Kumar?
> It's really important that we understand how this works, because if this
> is the case, we could probably just drop the Web Keys work and move over
> to Persona ASAP.

I don't think it's documented because the Persona team doesn't really want people to use it. However, there was a discussion about this and consensus was that it should be documented, just with a big "experimental, this might break" warning. I'll nudge about putting up said documentation.

In the meantime you could dig through the code and related pull requests or ask in irc.mozilla.org #identity : https://www.google.com/search?q=inurl%3Ahttps%3A%2F%2Fgithub.com%2Fmozilla%2Fbrowserid%2F+forceIssuer&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-aurora

You may also want to start a thread about it on the identity list with your use cases (which I think are different than that of Firefox OS). https://lists.mozilla.org/listinfo/dev-identity

Here is a relevant thread: https://groups.google.com/d/msg/mozilla.dev.identity/JzDcePzAs4c/kRN5GL05l4QJ

> 
> -- manu
> 
> -- 
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Meritora - Web payments commercial launch
> http://blog.meritora.com/launch/
>

Received on Monday, 13 May 2013 15:57:06 UTC